There’s been a break-in! And this time, it’s a physical, real-world break-in — not the digital variety we’ve grown so accustomed to hearing about lately.

Vudu, the video streaming service acquired by Walmart in 2010, has just sent an email to customers letting them know of a break-in that occurred in their Santa Clara, CA office on March 24th.

While it appears that credit card info is mostly safe (Vudu says they never stored anything but the last four digits), the thieves walked off with multiple hard drives containing data like customer names, encrypted passwords, addresses, and phone numbers.

While the passwords contained on the hard drive are said to have been encrypted, Vudu is immediately voiding all current account passwords and recommending that users “be proactive” with their security (read: if you’ve got a Vudu account and are using the same password elsewhere on the Interwebs, you should consider changing it.)

Vudu has confirmed the break-in on their site, and their official statement on the matter follows:

On March 24, 2013, there was a break in at the VUDU office and a number of items were stolen, including hard drives. These hard drives contained customer data including names, email addresses, mailing addresses, account activity, dates of birth, and encrypted passwords, but NO full credit card numbers. We are proactively retiring and resetting all passwords and notifying all customers. As another level of protection for customers we are also providing AllClear ID identity protection services. We reported the theft to law enforcement immediately, and are cooperating fully with their investigation.

Wait, wait — March 24th? Good on Vudu for reporting the break in and all, but why did it take them nearly 3 weeks to do so?